Need help reading a dump file to determine the cause.

  • Need help reading a dump file to determine the cause.

    Hi everyone,


    My computer has been restarting by itself every 2 weeks or so. So what I did was use WinDbg to analyze the data I received from the minidump folder. From what I could tell, it's telling me that MODULE_NAME: nt is the problem. I went all over the internet and I could not find a definite answer on how to resolve this issue.

    Please look below. This is the data I received from the dump file.

    Does anyone know what is causing the computer to restart, using the data below?


    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\xxxx\Desktop\Mini041709-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18226.x86fre.vistasp1_gdr.090302-1506
    Machine Name:
    Kernel base = 0x81c3c000 PsLoadedModuleList = 0x81d53c70
    Debug session time: Fri Apr 17 01:39:52.193 2009 (GMT-7)
    System Uptime: 0 days 19:27:15.526
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 4E, {9a, b1d0, 6, 2}
    
    Probably caused by : memory_corruption ( nt!MiBadRefCount+26 )
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    PFN_LIST_CORRUPT (4e)
    Typically caused by drivers passing bad memory descriptor lists (ie: calling
    MmUnlockPages twice with the same list, etc).  If a kernel debugger is
    available get the stack trace.
    Arguments:
    Arg1: 0000009a, 
    Arg2: 0000b1d0
    Arg3: 00000006
    Arg4: 00000002
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x4E_9a
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 81cdf91c to 81d090e3
    
    STACK_TEXT:  
    8c9a2b20 81cdf91c 0000004e 0000009a 0000b1d0 nt!KeBugCheckEx+0x1e
    8c9a2b38 81d2b89a 00000000 00001000 00001000 nt!MiBadRefCount+0x26
    8c9a2c14 81d2a29c 93f4f000 0f3ae508 93f4f000 nt!MiFreePoolPages+0x128
    8c9a2c78 81c8952a 93f4f000 00000000 00000002 nt!ExFreePoolWithTag+0x40e
    8c9a2c8c 81e6a62a 00000000 c000009a 81d3b080 nt!MmFreeAccessPfnBuffer+0x2f
    8c9a2ce8 81e69a97 00000000 874a44d0 00000000 nt!PfpFlushBuffers+0x291
    8c9a2d7c 81e11b18 81d3b080 11d83297 00000000 nt!PfTLoggingWorker+0xaa
    8c9a2dc0 81c6aa2e 81e699e7 81d3b080 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!MiBadRefCount+26
    81cdf91c cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!MiBadRefCount+26
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  49ac8fb4
    
    IMAGE_NAME:  memory_corruption
    
    FAILURE_BUCKET_ID:  0x4E_9a_nt!MiBadRefCount+26
    
    BUCKET_ID:  0x4E_9a_nt!MiBadRefCount+26
    
    Followup: MachineOwner

  • #2
    Re: Need help reading a dump file to determine the cause.

    Well, a couple of things jump out:

    Probably caused by : memory_corruption
    VISTA_DRIVER_FAULT

    Are you overclocking? Have you updated/re-installed any drivers? Run windows update? Tried removing different bits of ram?
    cheers
    Andy



    • #3
      Re: Need help reading a dump file to determine the cause.

      Thanks Andy.



      • #4
        Re: Need help reading a dump file to determine the cause.

        Download memtest and see if that picks up any issues.



        • #5
          Re: Need help reading a dump file to determine the cause.

          Ok I found out what was the problem, it was the anti-virus. I just reinstalled it and since then no more reboots.



          • #6
            Re: Need help reading a dump file to determine the cause.

            Thanks for posting back.



            • #7
              Re: Need help reading a dump file to determine the cause.

              Which AV (for the benefit of future readers)?
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland



              • #8
                Re: Need help reading a dump file to determine the cause.

                Originally posted by Ossian
                Which AV (for the benefit of future readers)?
                Vipre Enterprise.

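Added example, not part of any post in this thread: a Python sketch that parses the `!analyze -v` text from the first post (bugcheck 4E, PFN_LIST_CORRUPT) and checks whether any non-kernel module appears in `STACK_TEXT`. For this dump every frame is in `nt`, so `MODULE_NAME: nt` names the code that detected the corruption rather than the driver responsible; the `triage` function and the `CORE` module set are assumptions of this example, and the embedded sample is a trimmed excerpt of the posted output.

```python
import re

# Excerpt of the !analyze -v output from the first post (stack trimmed to five frames).
SAMPLE = """\
BugCheck 4E, {9a, b1d0, 6, 2}
Probably caused by : memory_corruption ( nt!MiBadRefCount+26 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
STACK_TEXT:
8c9a2b20 81cdf91c 0000004e 0000009a 0000b1d0 nt!KeBugCheckEx+0x1e
8c9a2b38 81d2b89a 00000000 00001000 00001000 nt!MiBadRefCount+0x26
8c9a2c14 81d2a29c 93f4f000 0f3ae508 93f4f000 nt!MiFreePoolPages+0x128
8c9a2c78 81c8952a 93f4f000 00000000 00000002 nt!ExFreePoolWithTag+0x40e
8c9a2c8c 81e6a62a 00000000 c000009a 81d3b080 nt!MmFreeAccessPfnBuffer+0x2f

MODULE_NAME: nt
IMAGE_NAME:  memory_corruption
"""

# A kb-style frame: five 8-digit hex columns, then module!symbol+offset.
FRAME = re.compile(r"^(?:[0-9a-fA-F]{8} ){5}(\w+)!\S+[ \t]*$", re.M)
# "KEY:  value" lines from the Debugging Details section.
FIELD = re.compile(r"^([A-Z_]+):[ \t]*(\S.*?)[ \t]*$", re.M)
CORE = {"nt", "hal"}  # assumption: treat only these as core kernel modules


def triage(text):
    """Summarize a bugcheck and report whether the stack names a third-party module."""
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    if m is None:
        raise ValueError("no 'BugCheck' line found")
    fields = dict(FIELD.findall(text))
    modules = list(dict.fromkeys(FRAME.findall(text)))  # unique, in stack order
    third_party = [mod for mod in modules if mod not in CORE]
    return {
        "code": int(m.group(1), 16),
        "args": [int(a, 16) for a in m.group(2).split(",")],
        "bucket": fields.get("DEFAULT_BUCKET_ID"),
        "image": fields.get("IMAGE_NAME"),
        "stack_modules": modules,
        "third_party_on_stack": third_party,
        # memory_corruption with only kernel frames: nt noticed the damage while
        # freeing pool pages; whatever caused it is not in this trace.
        "blamed_module_is_detector": bool(modules) and not third_party
        and fields.get("IMAGE_NAME") == "memory_corruption",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

When `blamed_module_is_detector` is true, the stack gives no culprit, which is why the replies turn to drivers and RAM rather than to `nt` itself.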
